LiveActive security incident?Get immediate response
CVE Record

CVE-2019-25631: AIDA64 Business 5.99.4900 SEH Buffer Overflow via EggHunter

AIDA64 Business 5.99.4900 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting SEH pointers with malicious shellcode. Attackers can inject egg hunter shellcode through the SMTP display name field in preferences or report wizard functionality to trigger the overflow and execute code with application privileges.

HighCVSS 8.6Not KEV-listedUpdated
Glexia's TakeAutomated analysishigh

Security readout for executives and security teams

Plain-English summary

AIDA64 Business 5.99.4900 has a memory corruption flaw that can let a local attacker run code with the application’s privileges. This matters where AIDA64 is installed on user workstations or admin systems. A public exploit reference exists, but the provided sources do not show CISA KEV listing or confirmed active exploitation.

Executive priority

Prioritize identification and remediation on privileged or shared Windows systems. This is not described as remotely exploitable from the internet, but public exploit information and code execution impact make it unsuitable to leave unaddressed in managed environments.

Technical view

The issue is a structured exception handling buffer overflow, categorized as CWE-787, in AIDA64 Business 5.99.4900. The source description says malicious input in SMTP display name fields within preferences or report wizard functionality can overwrite SEH pointers and execute code with application privileges. CVSS v4.0 score is 8.6 with local attack vector.

Likely exposure

Exposure is limited to systems running AIDA64 Business version 5.99.4900. The attack vector is local, so internet-facing exposure is not indicated by the provided sources. Risk is higher on shared endpoints, administrator workstations, and systems where untrusted local users can access the application.

Exploitation context

ExploitDB and VulnCheck references indicate public exploit information exists. The provided bundle does not show CISA KEV inclusion, confirmed ransomware use, or active exploitation. Because the flaw can lead to arbitrary code execution locally, treat affected installations as important to identify and update.

Researcher notes

Evidence is specific to AIDA64 Business 5.99.4900. The provided sources name the vulnerable input areas and SEH overwrite behavior, but do not provide a vendor advisory, fixed version, or active exploitation confirmation. Avoid broad assumptions about other AIDA64 editions or versions without additional evidence.

Mitigation direction

  • Inventory endpoints for AIDA64 Business 5.99.4900.
  • Check AIDA64 vendor downloads and guidance for a fixed version.
  • Upgrade affected installations if a newer vendor-supported release is available.
  • Restrict local access to systems running the affected version.
  • Remove the software where it is no longer operationally required.

Validation and detection

  • Confirm installed AIDA64 Business version on managed endpoints.
  • Review software inventory for version 5.99.4900 specifically.
  • Check whether the application is present on privileged administrator workstations.
  • Verify remediation by confirming the installed version changed or software was removed.
  • Monitor vendor and VulnCheck references for updated remediation details.
Prepared
Confidence
medium
Sources
6

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cwe · low confidence lookup

CWE-787: Exact CWE lookup

Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.

Open ATT&CK lookup
description · low confidence lookup

Execution behavior lookup

The CVE wording references code or command execution, so execution technique review may help defensive triage. This is a Glexia inferred lookup path, not an official MITRE, ATT&CK, or CVE Program mapping.

Open ATT&CK lookup
cve · low confidence lookup

CVE-2019-25631 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
High
CVSS
8.6 (4.0)
Known Exploited
No
Published

Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

1CVSS vectors
0Timeline events
0ADP providers
5Source links

CVSS vector scores

1 official score

We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.

ScoreVersionSeverityVectorExploitImpactSource
8.6CVSS 4.0HighCVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:NPrimary CVE score

Vulnerability scoring details

Base CVSS 4.0 score

8.6High
CVSS 4.0 vector shape for CVE-2019-25631Attack VectorAttack ComplexityAttack RequirementsPrivileges RequiredUser InteractionVS ConfidentialityVS IntegrityVS AvailabilitySS ConfidentialitySS IntegritySS Availability

Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Attack Vector
NetworkAdjacentLocalPhysical
Attack Complexity
LowHigh
Attack Requirements
NonePresent
Privileges Required
NoneLowHigh
User Interaction
NonePassiveActive
VS Confidentiality
HighLowNone
VS Integrity
HighLowNone
VS Availability
HighLowNone
SS Confidentiality
HighLowNone
SS Integrity
HighLowNone
SS Availability
HighLowNone

Source materials

Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
Aida64AIDA64 Business5.99.4900 #Listed
Weakness

CWE details

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.

CWE-787 · source CWE mapping

Out-of-bounds Write

Out-of-bounds Write represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.